Hack

[Python] pwntools & libc.rand

Nehoy 2017. 2. 19. 18:08

- pwntools 사용법

# import

from pwn import *


# access 1: run the program on another host over SSH
# The three "access" variants are alternatives; each one rebinds `proc`.

# The credentials shown are sample values. Avoid hard-coding a real password
# in a script; the pwntools ssh() constructor also accepts keyfile=.
shell = ssh("id", "127.0.0.1", port=9999, password="passwd")

# Start ./program through the SSH session opened above.
proc = shell.run("./program")


# access 2: start a local process

proc = process("./program")

# The command may also be given as an argv list.
proc = process(["cat", "test"]) # 2017.05.16


# access 3: connect to a TCP service (host, port)

proc = remote("localhost", 9002)


# send
# NOTE(review): these examples pass str; on Python 3 pwntools works with
# bytes, so b"test" is the safer spelling. Confirm against the installed version.

# Sends the data exactly as given, so the newline is written by hand.
proc.send("test\n")

# Sends the same bytes: sendline() appends the newline itself.
proc.sendline("test")


# recv
# Each call waits on the peer. Where the comment says it can hang, pass
# timeout=<seconds> so that a silent peer cannot stall the script.

proc.recv()                 # returns whatever has arrived; waits while nothing is available

proc.recvline()            # waits for a "\n"; hangs if the peer never sends one

proc.recvlines()           # collects lines; without a line count it waits for EOF

proc.recvrepeat(0.3)       # keeps receiving until a 0.3 s timeout or EOF is reached

proc.recvall()              # waits for EOF; hangs while the peer keeps the stream open

proc.recvuntil(str)       # `str` stands for the delimiter; waits until it appears


# p32 | p64 <==> u32 | u64 (inverse pairs: pN packs an integer into bytes,
# uN unpacks bytes back into an integer)

# Read one line containing a hexadecimal number, parse it as base 16, and pack
# the integer into 8 bytes. int() raises ValueError if the line is not hex.
addr = p64(int(proc.recvline(), 16))       # p32 or p64


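# poll: returns the exit code (None while the process is still running)

# proc.poll(False)          # older note: the argument selects whether the call blocks

# The default call does not wait for the process to exit.
proc.poll()                   # 2017.05.16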


# ELF
# ELF() parses a binary from disk so that its symbol tables can be queried
# by name instead of copying addresses by hand.

program = ELF("./program")
libc = ELF("./libc")

# plt[name] is the address of the PLT stub for an imported function;
# got[name] is the address of its GOT slot.
setvbuf_plt, setvbuf_got = program.plt["setvbuf"], program.got["setvbuf"]

# symbols[name] is the symbol's address as recorded in the file. For a shared
# library whose base address has not been set, that is its offset from the base.
system_offset = libc.symbols["system"]


- libc.rand 사용법

# import

from ctypes import *

import time


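# setting

# Load the C library so that its srand()/rand() can be called directly.
# If this is pasted into the same script as the pwntools snippet, note that
# it rebinds the name `libc` used there for the ELF object.
libc = CDLL('libc.so.6')

# time() takes a time_t* argument, so pass None (NULL) explicitly. Calling it
# with no argument leaves that pointer undefined, which may crash or write to
# an arbitrary address. ctypes' default int return type truncates time_t,
# which is harmless here because srand() takes an unsigned int.
seed = libc.time(None)

libc.srand(seed)


# rand

# Returns the next value of the sequence fixed by `seed`.
# NOTE: a seed taken from the clock can be guessed to the second, so this
# sequence is reproducible. Values that must be unpredictable (tokens, keys,
# nonces) need a CSPRNG such as os.urandom() or the secrets module.
libc.rand()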